From 3709b481dc163b59277da23fea466a0a77a047a7 Mon Sep 17 00:00:00 2001 From: Tariq Ibrahim Date: Mon, 28 Oct 2024 21:26:32 -0700 Subject: [PATCH 1/3] switch to nvcr.io registry and update from ubi8 to ubi9 Signed-off-by: Tariq Ibrahim --- .common-ci.yml | 10 ++++----- .github/workflows/image.yaml | 6 ++--- .nvidia-ci.yml | 22 +++++++++---------- .../{Dockerfile.ubi8 => Dockerfile.ubi9} | 6 ++--- deployments/container/Dockerfile.ubuntu | 4 ++-- deployments/container/Makefile | 4 ++-- 6 files changed, 26 insertions(+), 26 deletions(-) rename deployments/container/{Dockerfile.ubi8 => Dockerfile.ubi9} (93%) diff --git a/.common-ci.yml b/.common-ci.yml index c8acaf6..7280ff1 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -43,9 +43,9 @@ stages: variables: DIST: ubuntu22.04 -.dist-ubi8: +.dist-ubi9: variables: - DIST: ubi8 + DIST: ubi9 # Define the platform targets .platform-amd64: @@ -154,13 +154,13 @@ stages: OUT_IMAGE_VERSION: "${DEVEL_RELEASE_IMAGE_VERSION}" # Define the release jobs -release:staging-vectoradd-ubi8: +release:staging-vectoradd-ubi9: extends: - .release:staging - - .dist-ubi8 + - .dist-ubi9 - .sample-vectoradd needs: - - image-vectoradd-ubi8 + - image-vectoradd-ubi9 release:staging-vectoradd-ubuntu22.04: extends: diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 44a007b..bb08819 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -35,15 +35,15 @@ jobs: matrix: dist: - ubuntu22.04 - - ubi8 + - ubi9 sample: - vectorAdd - nbody - deviceQuery exclude: - - dist: ubi8 + - dist: ubi9 sample: deviceQuery - - dist: ubi8 + - dist: ubi9 sample: nbody steps: diff --git a/.nvidia-ci.yml b/.nvidia-ci.yml index c7d04bf..d14f52f 100644 --- a/.nvidia-ci.yml +++ b/.nvidia-ci.yml @@ -72,10 +72,10 @@ image-vectoradd-ubuntu22.04: - .dist-ubuntu22.04 - .sample-vectoradd -image-vectoradd-ubi8: +image-vectoradd-ubi9: extends: - .image-pull - - .dist-ubi8 + - .dist-ubi9 - .sample-vectoradd image-device-query-ubuntu22.04: @@ -160,24 +160,24 @@ scan-device-query-ubuntu22.04-arm64: - image-device-query-ubuntu22.04 - scan-device-query-ubuntu22.04-amd64 -scan-vectoradd-ubi8-amd64: +scan-vectoradd-ubi9-amd64: extends: - .scan - .sample-vectoradd - - .dist-ubi8 + - .dist-ubi9 - .platform-amd64 needs: - - image-vectoradd-ubi8 + - image-vectoradd-ubi9 -scan-vectoradd-ubi8-arm64: +scan-vectoradd-ubi9-arm64: extends: - .scan - .sample-vectoradd - - .dist-ubi8 + - .dist-ubi9 - .platform-arm64 needs: - - image-vectoradd-ubi8 - - scan-vectoradd-ubi8-amd64 + - image-vectoradd-ubi9 + - scan-vectoradd-ubi9-amd64 scan-nbody-ubuntu22.04-amd64: extends: @@ -222,10 +222,10 @@ release:ngc-device-query-ubuntu22.04: - .dist-ubuntu22.04 - .sample-device-query -release:ngc-vectoradd-ubi8: +release:ngc-vectoradd-ubi9: extends: - .release:ngc - - .dist-ubi8 + - .dist-ubi9 - .sample-vectoradd release:ngc-nbody-ubuntu22.04: diff --git a/deployments/container/Dockerfile.ubi8 b/deployments/container/Dockerfile.ubi9 similarity index 93% rename from deployments/container/Dockerfile.ubi8 rename to deployments/container/Dockerfile.ubi9 index a57c859..e7b296f 100644 --- a/deployments/container/Dockerfile.ubi8 +++ b/deployments/container/Dockerfile.ubi9 @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM nvidia/cuda:12.6.2-devel-ubi8 AS builder +FROM nvcr.io/nvidia/cuda:12.6.2-devel-ubi9 AS builder ARG CUDA_VERSION -RUN dnf install -y \ +RUN dnf install -y --allowerasing \ curl \ && \ dnf clean all @@ -31,7 +31,7 @@ RUN curl -L https://codeload.github.com/NVIDIA/cuda-samples/tar.gz/refs/tags/${C make build && \ cp $(find /build/bin -iname "${SAMPLE_NAME}") /build/${SAMPLE_NAME} -FROM nvidia/cuda:12.6.2-base-ubi8 +FROM nvcr.io/nvidia/cuda:12.6.2-base-ubi9 ARG SAMPLE_NAME LABEL io.k8s.display-name="NVIDIA CUDA ${SAMPLE_NAME} sample" LABEL name="NVIDIA CUDA ${SAMPLE_NAME} sample" diff --git a/deployments/container/Dockerfile.ubuntu b/deployments/container/Dockerfile.ubuntu index d5843f9..d236b3d 100644 --- a/deployments/container/Dockerfile.ubuntu +++ b/deployments/container/Dockerfile.ubuntu @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM nvidia/cuda:12.6.2-devel-ubuntu22.04 AS builder +FROM nvcr.io/nvidia/cuda:12.6.2-devel-ubuntu22.04 AS builder ARG SAMPLE_NAME ENV SAMPLE_NAME ${SAMPLE_NAME} @@ -41,7 +41,7 @@ RUN curl -L https://codeload.github.com/NVIDIA/cuda-samples/tar.gz/refs/tags/${C make build && \ cp $(find /build/bin -iname "${SAMPLE_NAME}") /build/${SAMPLE_NAME} -FROM nvidia/cuda:12.6.2-base-ubuntu22.04 +FROM nvcr.io/nvidia/cuda:12.6.2-base-ubuntu22.04 ARG SAMPLE_NAME LABEL io.k8s.display-name="NVIDIA CUDA ${SAMPLE_NAME} sample" LABEL name="NVIDIA CUDA ${SAMPLE_NAME} sample" diff --git a/deployments/container/Makefile b/deployments/container/Makefile index 4a74687..a62a742 100644 --- a/deployments/container/Makefile +++ b/deployments/container/Makefile @@ -45,7 +45,7 @@ OUT_IMAGE_TAG ?= $(LOWER_CASE_SAMPLE)-$(OUT_IMAGE_VERSION)-$(DIST) OUT_IMAGE = $(OUT_IMAGE_NAME):$(OUT_IMAGE_TAG) DEFAULT_PUSH_TARGET := ubuntu22.04 -DISTRIBUTIONS := ubuntu22.04 ubi8 +DISTRIBUTIONS := ubuntu22.04 ubi9 BUILD_TARGETS := $(patsubst %,build-%, $(DISTRIBUTIONS)) PUSH_TARGETS := $(patsubst %,push-%, $(DISTRIBUTIONS)) @@ -84,7 +84,7 @@ build-%: DOCKERFILE = $(CURDIR)/deployments/container/Dockerfile.$(DOCKERFILE_SU build-ubuntu%: DOCKERFILE_SUFFIX = ubuntu -build-ubi8: DOCKERFILE_SUFFIX = ubi8 +build-ubi9: DOCKERFILE_SUFFIX = ubi9 # Use a generic build target to build the relevant images $(BUILD_TARGETS): build-%: From 32f1e4aaddbc3e14279227b95ce38bc2522316e3 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Tue, 29 Oct 2024 17:45:04 +0100 Subject: [PATCH 2/3] Remove CVE_UPDATES logic Signed-off-by: Evan Lezar --- deployments/container/Dockerfile.ubi9 | 7 ------- deployments/container/Dockerfile.ubuntu | 7 ------- deployments/container/Makefile | 1 - 3 files changed, 15 deletions(-) diff --git a/deployments/container/Dockerfile.ubi9 b/deployments/container/Dockerfile.ubi9 index e7b296f..c04ec8e 100644 --- a/deployments/container/Dockerfile.ubi9 +++ b/deployments/container/Dockerfile.ubi9 @@ -43,13 +43,6 @@ LABEL description="See summary" COPY ./LICENSE ./licenses/LICENSE -# Install / upgrade packages here that are required to resolve CVEs -ARG CVE_UPDATES -RUN if [ -n "${CVE_UPDATES}" ]; then \ - yum update -y ${CVE_UPDATES} && \ - rm -rf /var/cache/yum/*; \ - fi - RUN mkdir -p /cuda-samples COPY --from=builder /build/${SAMPLE_NAME} /cuda-samples/${SAMPLE_NAME} diff --git a/deployments/container/Dockerfile.ubuntu b/deployments/container/Dockerfile.ubuntu index d236b3d..9e8c82d 100644 --- a/deployments/container/Dockerfile.ubuntu +++ b/deployments/container/Dockerfile.ubuntu @@ -61,13 +61,6 @@ RUN test "${SAMPLE_NAME}" = "nbody" && apt-get update && apt-get install -y --no COPY ./LICENSE ./licenses/LICENSE -# Install / upgrade packages here that are required to resolve CVEs -ARG CVE_UPDATES -RUN if [ -n "${CVE_UPDATES}" ]; then \ - apt-get update && apt-get upgrade -y ${CVE_UPDATES} && \ - rm -rf /var/lib/apt/lists/*; \ - fi - RUN mkdir -p /cuda-samples COPY --from=builder /build/${SAMPLE_NAME} /cuda-samples/${SAMPLE_NAME} diff --git a/deployments/container/Makefile b/deployments/container/Makefile index a62a742..b8795a8 100644 --- a/deployments/container/Makefile +++ b/deployments/container/Makefile @@ -96,6 +96,5 @@ $(BUILD_TARGETS): build-%: --tag $(IMAGE) \ --build-arg CUDA_SAMPLES_VERSION="$(CUDA_SAMPLES_VERSION)" \ --build-arg SAMPLE_NAME=$(SAMPLE) \ - --build-arg CVE_UPDATES="$(CVE_UPDATES)" \ -f $(DOCKERFILE) \ $(CURDIR) From e1d1efb5d34d2e2bb6604f767b8d9430802b1036 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Tue, 29 Oct 2024 21:54:47 +0100 Subject: [PATCH 3/3] TOFIX: Start with base container and install minimum Signed-off-by: Evan Lezar --- deployments/container/Dockerfile.ubuntu | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/deployments/container/Dockerfile.ubuntu b/deployments/container/Dockerfile.ubuntu index 9e8c82d..87699c8 100644 --- a/deployments/container/Dockerfile.ubuntu +++ b/deployments/container/Dockerfile.ubuntu @@ -12,21 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM nvcr.io/nvidia/cuda:12.6.2-devel-ubuntu22.04 AS builder +FROM nvcr.io/nvidia/cuda:12.6.2-base-ubuntu22.04 AS builder ARG SAMPLE_NAME ENV SAMPLE_NAME ${SAMPLE_NAME} ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y --no-install-recommends \ + cuda-nvcc-12-6 \ curl \ - && ( \ - # The nbody sample requires libGL, libGLU, and libglut - test "${SAMPLE_NAME}" != "nbody" || apt-get install -y --no-install-recommends \ - freeglut3-dev \ - libgl1-mesa-dev \ - libglu1-mesa-dev \ - ) \ + g++ freeglut3-dev build-essential libx11-dev \ + libxmu-dev libxi-dev libglu1-mesa-dev libfreeimage-dev libglfw3-dev \ && \ rm -rf /var/lib/apt/lists/*